~Brian's~ Websites: Buddy Hyphen Baker Website Network: [Dot US/Dot Com/Dot/ORG]

[~Brian~]

Ordered this printer as replacement for my HP Laserjet 1102w:

https://www.amazon.com/dp/B09MSPNYQ2?ref_=cm_sw_r_cp_ud_dp_2EVSESDJ08K2V2FK8JDJ
 

Brian

[~Brian~]

PRINTING SERVICES RESTORED ON .11:  Sunday, i ordered a replacement for my Laserjet pro 1102w.  Replaced her with the HP Laserjet MFP M140W.  (Other printer had a breakdown, and something broke inside, which you cannot fix, so you have to replace the printer.  This one has the Printing, SCANNING and COPYING that my old OfficeJet 4540 had, and is the smallest laser printer that is monochrome that is currently available.  Printing services respond on .11, and I was able to configure it Yesterday Evening.)

SURFACE GO 3:  Today, I also ordered the surface Go 3, so that I can have the power of DOVE in the palm of my hand, and she will run Windows 11 - I need a MS device that is NOT loaded with all of the work stuff I have on DOVE, but I will still have access to it, WITHOUT going back to my windows PC, which was mothballed in 2019/2020.  We shall see what happens with that, I should get it  in a couple to 3 days, I just have to decide what to name her

That's all from here

Brian

[~Brian~]

Added 5-12-22@10:20EDT

am glad you sorted out.
For automatic renewal of the certificates you need a cron job.

Create file /etc/cron,d/certbot with this content:

# Manually added by [PaulB] 2022-04-28 to renew yatebts.com SSL cert
# runs at 01:20 on every 5th day-of-month (do not change this)
20 1 */5 * * root certbot renew --post-hook "systemctl restart httpd"

Change file permision with:

chmod u=rw,g=r,o=r /etc/cron.d/certbot

Restart crond service

systemctl restart crond

or

service crond restart

or service cron restart for deb 11

I hope this helps, as certificates are valid 3 month and with this automation you can easely renew them.
Do not need to change anything in the apache configuration files if you configured the symlink of the certificates in the first place - and from your logs seems you did.

Thank you!

Added additional content for the commands above to make sense: ~Brian~

Welcome @afkpaul

Good tip but I think --deploy-hook is more appropriate. (snip from docs)

--deploy-hook DEPLOY_HOOK
                        Command to be run in a shell once for each
                        successfully issued certificate.

Also, only a reload is needed to refresh apache config. A restart is more disruptive

 

If you want to go full haxxor you can use killall -USR1 httpd

https://httpd.apache.org/docs/2.4/stopping.html#graceful

 

 

[~Brian~]

BBWN UPDATE (5/30/2022 @13:36 EDT)

ALL DOMAINS

The Following things were done today:

WORDPRESS UPDATES:  I did some updates on all domains:  Chief among those, was to check all domains, DOT US/DOT COM/DOT ORG and DOT INFO, to make sure that the sites have all of the security update recommendations that are/were called for under "Site Health". I checked the sites, and did the necessary updates, and Updated Wordpress to Version 6.0.

DIRECTORY PERMISSIONS:  These have been checked:  One domain still had difficulty with the plugins directory, so I had to make it manually, and then set the proper permissions:  Once that was done, started going through the plugins that we had previously installed, and checking them, so that we have as many of the older plugins reinstalled as some of them power features that don't work without those plugins.  All domains on the network can receive plugins/plugin updates without causing errors as of this update.

REMOVAL OF OLDER PLUGINS:  Some of the plugins we have been using appear to work with the current or previous versions of Wordpress, but some were giving the compatibility checker some troubles.  I now have PHP AND MySQL updated to 7.4/8.0, so it looks like all I have to do is try to find the equivalent plugins for the version that we are running now.  If it does NOT work, or shows problems, I will remove them.

HTTPS:  All domains now show HTTPS - A couple of them had a warning, stating "Site is set up for HTTPS, but the URL should be corrected."  I noted this, and went in, and was able to solve that problem - I felt stupid, cause the HTTPS Plugin I was using was NOT working, and I was able to correct the problem in seconds, once I was able to SEE that I had an OBVIOUS problem.  All Domains appear to be all set for now.

WIDGETS:  Next, I will make sure that all plugins are installed if they are available, and will then be checking the sites for widgets that may be missing, or incompatible - We need to make sure that we have these working, and on the pages that they are supposed to be, so that they work.  This should be easy, as we can check the plugins directories, and look at the deactivated OLD plugins, and then search for them.  

That's all from here!

Brian

[~Brian~]

The following things were completed Today: (6/1/2022 @17:00 EDT)

APT UPDATE FAILURE: (GPG Error) Today I corrected a Key Signing Error that would make doing 'apt-get update' commands impossible, because I needed a  key from surray.org.  This has been corrected today.  Now, we should be able to get system updates without errors.

BBDC SITE RESTORED: Yesterday Afternoon, There was some sort of error on BBDC, that caused me to have an ERROR caused by an errant plugin, and I could NOT remove the plugin, NOR deactivate it, so I removed the DOT com site, and restored it from backup of April 4, 2022 - After that, I upgraded the site to Wordpress 6.0.  Site restored and operating normally, with updates continuing as time allows.

DOWNTIME:  Cardinal was shutdown to a HALT about 4 AM EDT this morning:  This was due to a Condition RED:  caused by heavy rain and THUNDER, and when this happens, we take the server down to a HALT until the bad weather passes.  Services were restored around 9AM, and services are functioning: I will be doing maintenance this week to deal with a couple issues that deal with services.  It is not known how long it will take for the maintenance window to be completed, but it should only take about 30-40 minutes, or less

That's all from here

Brian

Edited June 1, 2022 by ~Brian~
General Edits

[~Brian~]

WEBSITE UPDATES:

BB DOT COM/STORE

JUNE 5, 2022 @12:37 PM EDT

PLUGINS:  Had to add Site Origin Plugins that (/store) page was missing, and (/Main) page probably lacks.  Also added post-types-order plugin that was missing.  Now, I have the bottom menu restored and in the right order.  Will continue to add plugins that we may be missing if found. 

CONTENT: Now that we are allowed to operate the Thrift Store, and we have been doing so since about March 20, 2022, I can now add the content that we do NOT have - We lost some content because of a crash in 2020, and I found that the reason was due to the SQL Databases that were somehow corrupted, so we had to use one that was restored from sometime in 2019, and this backup was MISSING any new content I had added in 2020 and 2021, because this was before I had added it to the site.  BBDC is the ONLY site where content was lost, because I did NOT backup the database - Lesson LEARNED. 

TRANSITION:  We also have a transition, with a new Pastor, which will happen this month, so I want to make sure that we are "ship shape" as far as my responsibilities go, and since we are in a transition phase, some decisions will be made by the current pastor, while others, occurring From July 2022 Forward, will be made by our new pastor.  I have also been cleaning up my store record keeping, and should be able to add additional content shortly, now that I have copying and scanning capabilities again.  I pray for the transition teams at both ends, and also for the safe travels of both pastors as they assume their new assignments:  I have learned a LOT since I took the helm in April of 2017. and I pray that God will continue to give me the strength and wisdom, as well as good HEALTH. This way, I can continue to serve the community as I have since 2009.

That's All from here for now

Brian

 

 

 

[~Brian~]

WEBSITE UPDATES:

BB DOT COM/STORE

JUNE 7, 2022 @12:15 PM EDT

UPDATES:  Today, I have added additional content that was somehow lost when we lost the Database for the BBDC domain.  I have been adding functionality to the site, as some of it was messed up due to loss of plugins, that we were able to find and restore.  Once we did that, I had to "re-educate" myself, because I had forgotten how some of the functions worked.  I have had to add a couple plugins, and once I did that, it reordered the "Services' and "Other Services" areas so that they show up as I wanted them to.  I have been adding new Pages, and Posts to our blog, and edited information about store status, and Store News, and will continue to add more info as we continue to make changes to content and operations, changes to programs and services.  We will be adding more information as time allows.

OTHER UPDATES:  Other updates to Domains will be completed as needed and links and information will be added or changed as we find the need to do that, as some information needs to be added or changed because it is dated.

That's all from here for now:

Brian

[willnotwill]

Thanks for the heads up on getssl.  I've spent lots of time beating my head against certbot over the years.

[~Brian~]

6 hours ago, willnotwill said:

Thanks for the heads up on getssl.  I've spent lots of time beating my head against certbot over the years.

@willnotwill

You are welcome sir:  The problem that I had was that certbot-auto was discontinued, and there was no further support for Debian 8, and Debian 9-11 required you to use the snaps and snapd in order to run and install certbot.  Once I was able to upgrade to Debian 11 (Bullseye) I was contemplating using what I had been using on Debian 8, because I really did NOT need the snapd/snaps clogging up my system, as a package manager, because we are using Synaptic and apt-get to install updates and packages, and why have snaps on there JUST for running Certbot?

After working VERY hard to avoid the issue of snaps/snapd, I FINALLY simply installed it and ran the install for it: This way, I can get a cert renewal using the appropriate commands, and ALL 4 Domains are covered, and that makes 8 domains IF you take my DOT US / DOT COM / DOT ORG / DOT INFO and also www DOT <Domain> for each.  Now, I have ONE certificate for my domains, and it covers all 8 instances.

Brian

[zzyzx]

22 hours ago, ~Brian~ said:

After working VERY hard to avoid the issue of snaps/snapd,

@~Brian~

Aaarrrrrgggghhhhhhh.....  Snaps are finally invading Debian?  : (

I have been considering dumping Ubuntu and going back to Debian over Canonical's usage of Snaps.  In one older version they switched the default gnome desktop over to a snap, but left the apt / dpkg packages around.  Fortunately, they have backed down on that one, but as of 20.04 Chrome's "standard" install is only a snap and as of 22.04, Firefox "standard" install is only a snap.  : (

Fortunately, there are third party PPA builds of the software that allow one to keep out of the hole for the two browsers.  Unfortunately a default upgrade of the desktop from 20.04 to 22.04 will want to install the web browser from a Snap and give you no way around it unless you play a PPA game as part of the upgrade -- which is something I try to avoid.  Still working out the best way to upgrade from 20.04 to 22.04.

Grrrrr.....

[~Brian~]

WEBSITE UPDATES:

BB DOT COM/STORE

JUNE 9, 2022 @17:40 PM EDT

UPDATES:  Today, I added Content to the BBDC (/store) Media Galley:  This to be exact was 16 images that I wanted to add - These pictures were on the Facebook Page of my church, and had been there for a while, and when we dealt with paying bills in 2021, the websites came up, and I had to justify them to the finance committee.  I have and had been working on content, and had to ask the pastor for some of the pictures, but then realized that I just had to go back into facebook far enough, and I was able to find at LEAST 16 photos that I wanted to add to the media library for the store. 

DD Photos:  SEVEN Photos from that upload now reside in my DD Photo album, including a couple that I think are pretty cool:  One of me in Silhouette, One of me working on a sale in 2021 Organizing hangers - It can NOT be said that @~Brian~ does NOT earn, or did NOT earn his stripes   Check ThemOut!

Advertising:  Store Hours Advertising has been created, and submitted to local free outlets

That's All from here

Note to @DailyDi THIS time, I did NOT have a problem because what I uploaded was JUST right, and did NOT exceed my upload limit(s)

 

Brian

Edited July 18, 2022 by ~Brian~
Added Additional Information and Edited some information

[~Brian~]

On 6/8/2022 at 10:20 PM, zzyzx said:

@~Brian~

Aaarrrrrgggghhhhhhh.....  Snaps are finally invading Debian?  : (

I have been considering dumping Ubuntu and going back to Debian over Canonical's usage of Snaps.  In one older version they switched the default gnome desktop over to a snap, but left the apt / dpkg packages around.  Fortunately, they have backed down on that one, but as of 20.04 Chrome's "standard" install is only a snap and as of 22.04, Firefox "standard" install is only a snap.  : (

Fortunately, there are third party PPA builds of the software that allow one to keep out of the hole for the two browsers.  Unfortunately a default upgrade of the desktop from 20.04 to 22.04 will want to install the web browser from a Snap and give you no way around it unless you play a PPA game as part of the upgrade -- which is something I try to avoid.  Still working out the best way to upgrade from 20.04 to 22.04.

Grrrrr.....

@zzyzx

(Saw your reply to my thread, specifically about snaps/snapd, and wanted to respond to your concerns, which I share)

YEP:  Snaps/snapd is already in Debian Versions 9.x and UP, and are required to install certbot:  I not ONLY could NOT install certbot, BUT I needed Debian 9 or higher (I went with 11) to be able to install snaps, and there was NO version that was available for Debian 8.3, so I had to back UP the whole SYSTEM over 3 months, and then do a reinstall of debian 11, and then restore, finding that I was missing things, but NOT as bad as the first time:  This Thread exists to let people know about my sites, but it also chronically details HOW I did WHAT I did and WHY I do/did it:  I Now have a record of it, so it can help me if I need it later  

Like You, I don't like the idea of having to dump good programs in favor of making new ones that are supposed to be better than what they replace, only to REQUIRE a support program that would ONLY be used to maintain/install/uninstall ONE program.  I understand that the maintainers may find that it is easier to build on something to make it easier for them to maintain, but snaps and snapd are package install/uninstall utilities.  Any System Admin that runs their server(s) have to make the decision as to what OS they run - Unix/Linux/MacOS/IpadOS/Windows, etc. 

As such, we should then have the ability to choose how we use programs, and should NOT be told that we HAVE to install support programs that have simply ONE Function and ONE function ONLY - Where is the CHOICE - That is why there are so many flavors of Linux, because each person has preferences, and can customize things:  Some system admins start from the kernel and custom compile in whatever they want, so this is cool, and it gives people the choice.

HOWEVER:  Having snaps just to do one or 2 things would be like installing 5 kernels, and NOT removing the older ones when you know you are low on space:  We have apt, aptitude, synaptic, and snaps/snapd - How many package managers does one need to install and maintain the system?  Additionally: Look at this: My 'df' output:

	brian@cardinal:~$ df
Filesystem                     1K-blocks      Used Available Use% Mounted on
udev                             3965068         0   3965068   0% /dev
tmpfs                             798108      1276    796832   1% /run
/dev/mapper/cardinal--vg-root 1920246048 882991888 939637264  49% /
tmpfs                            3990532         0   3990532   0% /dev/shm
tmpfs                               5120         4      5116   1% /run/lock
/dev/loop2                        116736    116736         0 100% /snap/core/13308
/dev/loop0                         44928     44928         0 100% /snap/certbot/2035
/dev/loop3                        114432    114432         0 100% /snap/core/13250
/dev/loop5                         63488     63488         0 100% /snap/core20/1518
/dev/loop4                         63488     63488         0 100% /snap/core20/1494
/dev/sda1                         480618    170060    285624  38% /boot
tmpfs                             798104        60    798044   1% /run/user/118
/dev/loop6                         44928     44928         0 100% /snap/certbot/2133
tmpfs                             798104        56    798048   1% /run/user/1000
brian@cardinal:~$
	

Now:  Look at how many mountpoints my system has because of snaps/snapd:

	/dev/loop2                        116736    116736         0 100% /snap/core/13308
/dev/loop0                         44928     44928         0 100% /snap/certbot/2035
/dev/loop3                        114432    114432         0 100% /snap/core/13250
/dev/loop5                         63488     63488         0 100% /snap/core20/1518
/dev/loop4                         63488     63488         0 100% /snap/core20/1494
	/dev/loop6                         44928     44928         0 100% /snap/certbot/2133
	

Now, if we just look at my mountpoints that have NOTHING to do with snaps/snapd we see:

	Filesystem                     1K-blocks      Used Available Use% Mounted on
udev                             3965068         0   3965068   0% /dev
tmpfs                             798108      1276    796832   1% /run
/dev/mapper/cardinal--vg-root 1920246048 882991888 939637264  49% /
tmpfs                            3990532         0   3990532   0% /dev/shm
tmpfs                               5120         4      5116   1% /run/lock
	/dev/sda1                         480618    170060    285624  38% /boot
tmpfs                             798104        60    798044   1% /run/user/118
/dev/loop6                         44928     44928         0 100% /snap/certbot/2133
tmpfs                             798104        56    798048   1% /run/user/1000
	

Which is a LOT cleaner than having all the stuff listed in the first codebox.

Not ONLY that, but these damn things are permanently MOUNTED to my filesystem, and I don't really want them there, but it's either that, or mucking around with acme.sh, or getssl, or some other tool that would REPLACE certbot-auto, simply because the maintainers feel like its too much work:  well:  I don't want to mount anything that is NOT necessary, but certbot is EASY to command a certificate renewal, and I can do it for www. [buddy-baker.com/.org/.us/.info] and [buddy-baker.com/.org/.us/.info ] = [8 Domains, 4 with www. and 4 without] and I can do it in seconds, and I don't get the timeouts I was getting with acme.sh, and I am using letsencrypt, so I just had to re-up and replace the older keys with the new ones, because they cover in 2 keys what would have taken 8 to do

Finally, it takes 6 mountpoints:  (5 for snaps, 1 for certbot):  WHY so damn MANY??

OK:  I don't get it either, but what can you do? My system is at Bullseye, so I am up to date, and can get updates, and is working well, but you don't mess around with things that work, in an effort to try to FIX things that are NOT broken:  You usually want to FIX broken stuff, NOT Break working stuff, right @DailyDi?

Brian

 

 

 

[DailyDi]

Leave well enough alone lol 

[zzyzx]

5 hours ago, ~Brian~ said:

@zzyzx

(Saw your reply to my thread, specifically about snaps/snapd, and wanted to respond to your concerns, which I share)

YEP:  Snaps/snapd is already in Debian Versions 9.x and UP, and are required to install certbot:  I not ONLY could NOT install certbot, BUT I needed Debian 9 or higher (I went with 11) to be able to install snaps, and there was NO version that was available for Debian 8.3, so I had to back UP the whole SYSTEM over 3 months, and then do a reinstall of debian 11, and then restore, finding that I was missing things, but NOT as bad as the first time:  This Thread exists to let people know about my sites, but it also chronically details HOW I did WHAT I did and WHY I do/did it:  I Now have a record of it, so it can help me if I need it later  

Like You, I don't like the idea of having to dump good programs in favor of making new ones that are supposed to be better than what they replace, only to REQUIRE a support program that would ONLY be used to maintain/install/uninstall ONE program.  I understand that the maintainers may find that it is easier to build on something to make it easier for them to maintain, but snaps and snapd are package install/uninstall utilities.  Any System Admin that runs their server(s) have to make the decision as to what OS they run - Unix/Linux/MacOS/IpadOS/Windows, etc. 

As such, we should then have the ability to choose how we use programs, and should NOT be told that we HAVE to install support programs that have simply ONE Function and ONE function ONLY - Where is the CHOICE - That is why there are so many flavors of Linux, because each person has preferences, and can customize things:  Some system admins start from the kernel and custom compile in whatever they want, so this is cool, and it gives people the choice.

HOWEVER:  Having snaps just to do one or 2 things would be like installing 5 kernels, and NOT removing the older ones when you know you are low on space:  We have apt, aptitude, synaptic, and snaps/snapd - How many package managers does one need to install and maintain the system?  Additionally: Look at this: My 'df' output:

 

	brian@cardinal:~$ df
Filesystem                     1K-blocks      Used Available Use% Mounted on
udev                             3965068         0   3965068   0% /dev
tmpfs                             798108      1276    796832   1% /run
/dev/mapper/cardinal--vg-root 1920246048 882991888 939637264  49% /
tmpfs                            3990532         0   3990532   0% /dev/shm
tmpfs                               5120         4      5116   1% /run/lock
/dev/loop2                        116736    116736         0 100% /snap/core/13308
/dev/loop0                         44928     44928         0 100% /snap/certbot/2035
/dev/loop3                        114432    114432         0 100% /snap/core/13250
/dev/loop5                         63488     63488         0 100% /snap/core20/1518
/dev/loop4                         63488     63488         0 100% /snap/core20/1494
/dev/sda1                         480618    170060    285624  38% /boot
tmpfs                             798104        60    798044   1% /run/user/118
/dev/loop6                         44928     44928         0 100% /snap/certbot/2133
tmpfs                             798104        56    798048   1% /run/user/1000
brian@cardinal:~$
	

 

Now:  Look at how many mountpoints my system has because of snaps/snapd:

 

	/dev/loop2                        116736    116736         0 100% /snap/core/13308
/dev/loop0                         44928     44928         0 100% /snap/certbot/2035
/dev/loop3                        114432    114432         0 100% /snap/core/13250
/dev/loop5                         63488     63488         0 100% /snap/core20/1518
/dev/loop4                         63488     63488         0 100% /snap/core20/1494
	/dev/loop6                         44928     44928         0 100% /snap/certbot/2133
	

 

Now, if we just look at my mountpoints that have NOTHING to do with snaps/snapd we see:

 

	Filesystem                     1K-blocks      Used Available Use% Mounted on
udev                             3965068         0   3965068   0% /dev
tmpfs                             798108      1276    796832   1% /run
/dev/mapper/cardinal--vg-root 1920246048 882991888 939637264  49% /
tmpfs                            3990532         0   3990532   0% /dev/shm
tmpfs                               5120         4      5116   1% /run/lock
	/dev/sda1                         480618    170060    285624  38% /boot
tmpfs                             798104        60    798044   1% /run/user/118
/dev/loop6                         44928     44928         0 100% /snap/certbot/2133
tmpfs                             798104        56    798048   1% /run/user/1000
	

 

Which is a LOT cleaner than having all the stuff listed in the first codebox.

Not ONLY that, but these damn things are permanently MOUNTED to my filesystem, and I don't really want them there, but it's either that, or mucking around with acme.sh, or getssl, or some other tool that would REPLACE certbot-auto, simply because the maintainers feel like its too much work:  well:  I don't want to mount anything that is NOT necessary, but certbot is EASY to command a certificate renewal, and I can do it for www. [buddy-baker.com/.org/.us/.info] and [buddy-baker.com/.org/.us/.info ] = [8 Domains, 4 with www. and 4 without] and I can do it in seconds, and I don't get the timeouts I was getting with acme.sh, and I am using letsencrypt, so I just had to re-up and replace the older keys with the new ones, because they cover in 2 keys what would have taken 8 to do

Finally, it takes 6 mountpoints:  (5 for snaps, 1 for certbot):  WHY so damn MANY??

OK:  I don't get it either, but what can you do? My system is at Bullseye, so I am up to date, and can get updates, and is working well, but you don't mess around with things that work, in an effort to try to FIX things that are NOT broken:  You usually want to FIX broken stuff, NOT Break working stuff, right @DailyDi?

Brian

 

 

 

@~Brian~

While all good (negative) points about the snap setup, my FIRST reason for disliking them is that the folks distributing the snap package is in control of WHEN your snap installed package is updated.  You have no control of holding off installing an update.  If you are connected (without blocks) to the internet, snap packages will auto-update on you.  At least with Debian's package system I can control if and when a package gets updated, and if I don't like an update I CAN back it out and go back to a previous version.  : (

[~Brian~]

This Morning, I upgraded SPARROW with a Win 11 PRO key, so that regardless of what I am doing, I will be able to connect to any computer that is on my network with Remote Desktop, and this will make SPARROW almost as good as DOVE (work laptop).

One thing that makes me a tad upset is that MS forces the updates when and where they want to, and unless you are running a version of ANYTHING "PRO" You end up getting the updates, and cant stop them for more then a couple weeks, and this is almost as bad as when they used to see a "Win7 machine" and go "Gee, Win7, UPDATE IMMEDIATELY - when there are people who did NOT want the upgrade(s)

I know that Here in Vermont, where Granite Sheds have machines that run their cutting saws, that Machines are specialized because in some cases, the ONLY way that they can run at all, is to make sure that the programs running on the older OS are compatible with the NEWER OS, which, is the way it SHOULD be done, but when you have a company who wants you to have the newest versions of EVERYTHING, when they say for example that Windows 10 was the "last version of windows"  we ALL know that was a LIE, and of course, we are at win 11.

I don't MIND Windows, but I do wish that we would have more control over what gets installed - That is why I have PRO versions, because you can set options that can help you - It also has the network communication tools and security tools that HOME does NOT

I like having all of my machines running PRO because it allows ease of connection(s) to whatever I need, and now I can do that from SPARROW or any computer TO another

Glad I did that

Cost me $12 to do that, and I have to remember that the Keys I use have to be done OFFLINE

Brian

[~Brian~]

WEBSITE UPDATE: BBDC/STORE (6/23/22 @10:44AM EDT)

The following tasks were completed over the 10 or so days:

DD Profile:  Added a New Profile Picture: Me in wheelchair, in Silhouette.  Also changed Cover Photo to one of me working at a 2021 Outdoor Sale Event (I am sorting Hangers here)

BBDC/Store:  The website has been updated to complete information in the SERVICES and OTHER SERVICES areas of the Main Page footer.  Anything that needed linking there has been linked, and tested to make sure that it responds to clicks, and each location goes somewhere. 

Updated were:  Big Sales Link, Special Sales Link, Donate to Us Link, Safe Haven Link, Ida's Closet Link, About This Ministry Link, Director's Messsge Link and Page, Store News Link and Page, Upcoming Events Link and Page, Store Staff Link and Page.

Still Left:  Contact us Link and Page, to make sure she is working correctly - Still does not seem to send mail back to my director's email address.

TOP MENU Edits:  Several Updates have been made to add function to pages that either needed to be created or re-created.  Added a "Partners" Menu link in Top Menu, so people see who we deal with in the community. Under BBDC Services:  The "Thrift Store Home:" "Store Policies" and "Store Services Menus have been updated to link up things that we were missing.  Added a "message response policy" to the "Store Policies" Menu, and a Link to Store Updates, Ida's Closet, Safe Haven, and our Helping Hands Program. This program page will be updated in the next few weeks.

That's all from the Page Editing and Creation Side for Now

Brian

Edited June 23, 2022 by ~Brian~
Added Additional Information and Edited some information

[~Brian~]

WEBSITE MAINTENANCE (Monthly backup/ Site File Update) (6/23/22 @08:00 EDT)

ALL DOMAINS (cardinal, bluejay, eagle, mallard, talon)

Starting at 08:00 EDT, I began the process of backing up all websites in the BBWN (Cardinal, Bluejay, Eagle, Mallard and Talon).  In order to do this, I go site by site, and create the backups based on the directory such as cardinal-6-22-22.tgz.  The only Difference would be the sites name followed by a dash (-the-month-the-day-the-year.tgz).  

I entered each directory and commanded tar zcvpf site-m-dd-yy.tgz * and let them targzip itself.  Then, once done, I move each site based backup to the site directory of the backup. 

Then, I moved all of the older web-all-* backup files to the web_backups directory, check them to make sure there are no errors, and then remove the files that are *.tar and *.tgz, once they are compared and checked for integrity.  Once all files are in web_backups/ I command a tar zcvpf web-all-6-22-22.tgz * --exclude web_backups - which will backup the entire web directory (/var/www/ from root down) and once I do that, I can remove older files and make sure everything we have is up to date as far as the date and the data within the backup is

NEXT:  I used mysqldump commands to command a backup of all of the databases for each site - The databases are the heart and soul of the websites, so they MUST be kept updated as one miss, and one corruption, and the data is gone, even if the files remain intact:  database backups taken using mysqldump -p database  > database.sql

Each database was backed up as a standalone file, and then an all-databases-6-22-22.sql file was created and moved to the directory where they are stored:  By year, Month, and Day.

All Databases are backed up and stored - Now I am waiting for the completion of the file copy operations.

That's all for now

Brian

[~Brian~]

WEBSITE MAINTENANCE (Monthly backup/ Site File Update) (7/18/22 @11:15 EDT)

ALL DOMAINS (cardinal, bluejay, eagle, mallard, talon)

This morning, I am BACKING UP all sites on all domains.  This process takes several days, because I have to make sure that we don't backup directories that have compressed data (.Z, .gz. .tgz, .tar, .tar.* and .zip) more than once.  To effect the proper sequence, I took the backup files for /var/www/ and moved them to a web_backups/ directory, then I commanded a:

tar --exclude='file1.txt' --exclude='folder1' -zcvf backup.tar.gz .
	

which I changed to:

tar --exclude='web_backups' -zcvf web-all-7-15-22.tgz .
	

(SOURCE:  Tar directories and files examples)

Note that we need an equal sign in the command, and note the PERIOD at the end, which is needed.

The example above is gonna back up the requested files that are in the /var/www/ directory, with the EXCEPTION of the web_backups directory, that is in the single quotes - This one has mystified me for a while, as I seem to male mistakes in the syntax, and it is a PITA to fix errors that are just backing up EVERYTHING, without even seeing the --exclude= 'directory' or --exclude 'file.*  flag - Think I got it this time

2 TB STICKS FOR WEBFILES and DATABASES: I plan on also moving files needed to 2 2TB sticks, so I have the Databases and the websites:  I DO NOT want this to happen again, as the Databases are the heart of the system - Sure, you have the files for the Wordpress site, but you dont have the data to go with it, UNLESS you backup the databases for all of the domains:  The databases tell wordpress information it needs to make your site the way it is, and YES, you can export data to an .XML file and restore it, but the Databases are needed as well.

FULL BACKUP:  As soon as we get ALL of the websites backed up, I will do a FULL backup of Cardinal:  However, there are directories that we DON'T need to backup, so I want to exclude those, and get the backup of the system without getting "X file has changed while reading it" notifications, so hopefully, I get the files I NEED, and can exclude the ones I DON'T NEED.  Will do this backup soon.

That's all from here

Brian

 

Edited July 18, 2022 by ~Brian~
Fixed Syntax: Codebox

[~Brian~]

BACKUP OF DOMAINS COMPLETE (7/19/22 @17:50 EDT):  All domains have been backed up and tgz'd, copied to sticks /2TB_1 and /2TB_2 and databases now reside with the FULL backups of all domains   Now, to figure out the directories I can exclude from a FULL backup, and we will start a FULL backup of Cardinal!  

Will Update when that happens

Brian

[~Brian~]

Yesterday while at work, I took the time to look at several of my directories. It looks like most of the ones that I don't need to back up include ones that already have backups within them, or ones such as /run, /proc, /dev, /sys, /tmp, /temp, /var/log/, and any external drives that are mounted to the file system. When I do a backup, I probably will mount one of them, and dismount every other drive that is not necessary, because doing a system backup from root down will encompass every file system that is actually connected.

Once completed, I will then go and do an audit of all of the files on the system. I may have to go back in and make some adjustments to the SSH daemon, because I want to make sure that my additions to the config file allow for group logins, while disallowing all others. This is a way to keep the system secure, while keeping individuals out that do not belong there. This will happen over the next three months because this will take some research and time to complete. 

When I do a backup, I don't normally disable logins while doing so. However, people that log into my machine will realize that doing backups will slow down the machine somewhat, So what I have learned is when doing a backup is to give the -zcvpf command sequence followed by the file name, and a dot TGZ and another period on the end. This will ensure that I get what I need and hopefully will allow me to exclude what I don't, because if you don't exclude files that change during a backup, all you will end up doing is getting a ton of warnings about files changing while backing them up, and it is not necessary to back up files that change as they are being backed up. Also, making sure that I don't back up what I don't need will make the backup less arduous, and easier to handle sizewise. A plain tape backup file without being compressed is approximately twice what is zipped and gzipped file is, so a .Tgz file will keep the size manageable.

Will update again when I'm ready to do a full backup

Thats all from here! 

Brian

 

[zzyzx]

11 hours ago, ~Brian~ said:

I may have to go back in and make some adjustments to the SSH daemon, because I want to make sure that my additions to the config file allow for group logins, while disallowing all others. This is a way to keep the system secure, while keeping individuals out that do not belong there. This will happen over the next three months because this will take some research and time to complete.

@~Brian~:  If you create a group and then assign only the user accounts you want to permit ssh login to that group, you can then edit your /etc/ssh/sshd_config file to limit ssh/sftp logins to members of that group (or some additional exceptions).  Then you restart the ssh daemon to read the modified config file to have changes take effect.  (i.e. reboot or something like "/etc/init.d/ssh restart" run as root).  I don't remember the details off the top of my head, and I can't quote from my work systems where I'm doing this....  Best wishes on looking up the options for handling this.

[~Brian~]

11 hours ago, zzyzx said:

@~Brian~:  If you create a group and then assign only the user accounts you want to permit ssh login to that group, you can then edit your /etc/ssh/sshd_config file to limit ssh/sftp logins to members of that group (or some additional exceptions).  Then you restart the ssh daemon to read the modified config file to have changes take effect.  (i.e. reboot or something like "/etc/init.d/ssh restart" run as root).  I don't remember the details off the top of my head, and I can't quote from my work systems where I'm doing this....  Best wishes on looking up the options for handling this.

@zzyzx

thank you for that information! I believe that is what I had before I went and updated to Debian 11. There might have been something that has changed in the way the SSH client or the SSH daemon runs and so the configuration files may have to be changed. I have several groups. However, there are only four that can log in. One of them is admin, one of them is logins, and then I have a few others for adding special friends or family members that may want to access my network printing resources. As a rule, a disable root login karma so you have no way of logging in directly from anywhere. The problem is is that I think there was a change made to the SSH daemon or the config files because when I try to use the same syntaxes as before, it did not work as intended. I will have to look and see if the SSH daemon in Debian 11 changed significantly enough so that the proper syntax has to be investigated and changed.

Brian

[zzyzx]

16 hours ago, ~Brian~ said:

@zzyzx

thank you for that information! I believe that is what I had before I went and updated to Debian 11. There might have been something that has changed in the way the SSH client or the SSH daemon runs and so the configuration files may have to be changed. I have several groups. However, there are only four that can log in. One of them is admin, one of them is logins, and then I have a few others for adding special friends or family members that may want to access my network printing resources. As a rule, a disable root login karma so you have no way of logging in directly from anywhere. The problem is is that I think there was a change made to the SSH daemon or the config files because when I try to use the same syntaxes as before, it did not work as intended. I will have to look and see if the SSH daemon in Debian 11 changed significantly enough so that the proper syntax has to be investigated and changed.

Brian

@~Brian~:

My memory says you skipped about 3 versions of Debian (from 8 to 11, or something like that).  Yes, in that large a gap (~2.5 years between versions?), there are changes in the SSH daemon that impact the sshd_conf file.  There are some differences in what statements need to be in the file.  From memory, what I add to the end of the file for handling the login limitations (based on being a member of one permitted SSH group) is the same, but there are (a) possible changes (Debian vs Ubuntu that I'm more familiar with) to keeping root from a direct login, and (b) I require RSA SSH keys when coming in via SSH or SFTP, along with requiring the account's password.  And I did have to change some default configuration values to pull that off.  But I think all of this is able to be found with google.

I also run with default root login disabled, and typically require sudo to be used for root access.

Best wishes.

[~Brian~]

11 hours ago, zzyzx said:

@~Brian~:

My memory says you skipped about 3 versions of Debian (from 8 to 11, or something like that).  Yes, in that large a gap (~2.5 years between versions?), there are changes in the SSH daemon that impact the sshd_conf file.  There are some differences in what statements need to be in the file.  From memory, what I add to the end of the file for handling the login limitations (based on being a member of one permitted SSH group) is the same, but there are (a) possible changes (Debian vs Ubuntu that I'm more familiar with) to keeping root from a direct login, and (b) I require RSA SSH keys when coming in via SSH or SFTP, along with requiring the account's password.  And I did have to change some default configuration values to pull that off.  But I think all of this is able to be found with google.

I also run with default root login disabled, and typically require sudo to be used for root access.

Best wishes.

@zzyzx

Thanks for that info:  I will Google this and see if there is an answer, and then if I find it, I will post it here, and then I will have a record of it, should i have to find it again;  I realize that there may be some changes, but I didn't think that they would be too different:  will check it out!

Thanks,

Brian

Edited July 26, 2022 by ~Brian~
General Edits

[~Brian~]

Complete Backup (root down) (/) Commenced [7-29-22@12:30EDT]

Brian